privacy policy

Grillzimmer Firmenlogo in schwarz

We greatly appreciate your interest in our company. Data protection is of utmost importance to us! The use of Grillzimmer GmbH’s website is generally possible without providing any personal data. However, if an individual wishes to access special services offered by our company through our website, processing of personal data may be necessary. If such processing is required and there is no legal basis for it, we always obtain consent from the affected person. Feel free to explore our offerings and create memorable outdoor cooking experiences!

The processing of personal data, such as the name, address, email address, or telephone number of an affected person, always occurs in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to Grillzimmer GmbH. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Additionally, affected individuals are informed about their rights through this privacy statement1. If you have any further questions or need assistance, feel free to ask!

Grillzimmer GmbH, as the data controller, has implemented numerous technical and organizational measures to ensure comprehensive protection of the personal data processed via this website. However, internet-based data transmissions can inherently have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, affected individuals are free to transmit personal data through alternative means, such as by phone.

Privacy policy

This privacy policy informs you about the nature, scope, and purpose of processing personal data (referred to as ‘data’) within the scope of our services, as well as on our online offerings, associated websites, features, and external online presences, such as our social media profiles (collectively referred to as ‘online offerings’). Regarding the terminology used, such as ‘processing’ or ‘controller,’ we refer to the definitions in Article 4 of the German Data Protection Regulation (GDPR).

Responsible party

Grillzimmer GmbH
Pfarrer-Adolf-Göbel-Ring 13
96148 Baunach


Company owners: Michael Hofmann & Christian Böttger

To the imprint:

Data Protection Officer: Michael Hofmann

Types of data processed

– (Inventory Data): These include essential information about individuals, such as personal master data (names or addresses).
– (Contact Data): This category encompasses details like email addresses and phone numbers.
– (Content Data): These are data related to the content of communication. For instance, when someone submits a message via a contact form on a website, the text input, photographs, or videos would fall under content data.
– (IP Addresses and Login Data): IP addresses are unique identifiers assigned to devices connected to a network. Login data refer to information associated with user authentication, such as login credentials.

Categories of affected individuals:

Visitors and users of the online offering (hereinafter collectively referred to as ‘users’).

Purpose of processing


– Provision of the online offer, its functions, and content.
– Answering contact requests and communicating with users.
– Security measures.
– Processing of orders and inquiries.

Terms used

“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., a cookie), or one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” refers to any operation or series of operations related to personal data, whether performed with or without the aid of automated procedures. The term encompasses practically any handling of data.

“Pseudonymization” involves processing personal data in a way that the data can no longer be attributed to a specific data subject without additional information. This additional information must be kept separately and be subject to technical and organizational measures to ensure that the personal data is not assigned to an identified or identifiable natural person.

“Profiling” refers to any form of automated processing of personal data used to evaluate specific personal aspects related to a natural person. This evaluation may include aspects related to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movement of that natural person.

The term “Controller” refers to a natural or legal person, authority, institution, or other body that alone or jointly with others determines the purposes and means of processing personal data.

An “Processor” is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.

Relevant legal bases

According to Article 13 of the German Data Protection Regulation (GDPR), we inform you about the legal bases for our data processing. For users within the scope of the GDPR (i.e., the EU and the EWG), the following applies if the legal basis is not explicitly stated in the privacy policy.

The legal basis for obtaining consent is Article 6(1)(a) and Article 7 of the GDPR.

The legal basis for processing to fulfill our services, perform contractual measures, and respond to inquiries is Article 6(1)(b) of the GDPR.

The legal basis for processing to fulfill our legal obligations is Article 6(1)(c) of the GDPR.

In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

The legal basis for necessary processing carried out in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) of the GDPR.

The legal basis for processing to safeguard our legitimate interests is Article 6(1)(f) of the GDPR.

Processing of data for purposes other than those for which they were collected is determined by the provisions of Article 6(4) of the GDPR.

The processing of special categories of data (as defined in Article 9(1) of the GDPR) is governed by the provisions of Article 9(2) of the GDPR.

Safety measures

In accordance with legal requirements and considering the state of the art, implementation costs, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transmission, securing availability, and separation. Furthermore, we have established procedures to facilitate data subjects’ rights, data deletion, and responses to data breaches. Additionally, we consider the protection of personal data during the development or selection of hardware, software, and procedures, in line with the principle of privacy by design and default settings.

SSL encryption

To ensure the security of your data during transmission, we use state-of-the-art encryption methods (e.g., SSL) via HTTPS. Additionally, HTTPS can help prevent identity theft.

When processing data, we collaborate with data processors, joint controllers, and third parties.

Disclosing data to other individuals or companies (such as data processors, joint controllers, or third parties), transmitting it to them, or granting them access to the data is done solely based on legal permission (e.g., when data transmission to third parties, such as payment service providers, is necessary for contract fulfillment), user consent, legal obligations, or our legitimate interests (e.g., when using agents, web hosts, etc.).

If we disclose data to other companies within our corporate group, transmit it to them, or grant them access, this is primarily for administrative purposes as a legitimate interest and in accordance with legal requirements.

Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA), or the Swiss Confederation), we do so only if it is necessary to fulfill our (pre-)contractual obligations, based on your consent, due to a legal obligation, or in accordance with our legitimate interests. Subject to legal or contractual permissions, we process or allow data processing in a third country only when the legal requirements are met. For example, processing may occur based on special guarantees, such as the officially recognized determination of an EU-equivalent level of data protection (e.g., for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations.

Rights of the data subjects

You have the right to request confirmation whether relevant data is being processed and to obtain information about this data, as well as a copy of the data, in accordance with legal requirements.

In accordance with legal provisions, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.

Subject to legal requirements, you have the right to demand that relevant data be promptly deleted or, alternatively, to request a restriction of data processing according to legal provisions.

You also have the right, in accordance with legal provisions, to receive the data concerning you that you have provided to us and to request its transmission to other responsible parties.

Furthermore, in accordance with legal provisions, you have the right to file a complaint with the competent supervisory authority.

Right of withdrawal

You have the right to revoke a consent given at any time with effect for the future.

Right to object 

You can object to the future processing of data concerning you at any time in accordance with legal requirements. The objection can be directed specifically against processing for direct advertising purposes. 


Cookies and right to object to direct advertising.

The term ‘cookies’ refers to small files that are stored on users’ computers. Within cookies, various information can be stored. A cookie primarily serves to store information about a user (or the device where the cookie is stored) during or after their visit to an online service. Temporary cookies, also known as ‘session cookies’ or ‘transient cookies,’ are cookies that are deleted after a user leaves an online service and closes their browser. Such a cookie can store, for example, the contents of a shopping cart in an online store or a login status. ‘Permanent’ or ‘persistent’ cookies are those that remain stored even after the browser is closed. For instance, a login status can be saved if users revisit the service after several days. Similarly, such cookies can store user interests for measuring reach or marketing purposes. ‘Third-party cookies’ refer to cookies offered by providers other than the responsible party operating the online service (otherwise, if they are only the responsible party’s cookies, they are called ‘first-party cookies’).

We may use both temporary and permanent cookies and provide information about this in our privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. Excluding cookies may result in limitations to the functionality of this online service.

A general objection to the use of cookies for online marketing purposes can be made through various services, especially in the case of tracking, via the US-based site or the EU-based site Additionally, the storage of cookies can be disabled through browser settings. Please note that this may potentially limit the functionality of this online service.

Deletion of data

The data processed by us will be deleted or restricted in accordance with legal requirements. Unless expressly stated otherwise in this privacy policy, the data stored with us will be deleted as soon as they are no longer necessary for their intended purpose and there are no legal retention obligations preventing deletion.

If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We update the privacy policy whenever changes to the data processing we carry out require it. We will notify you as soon as any changes necessitate an action on your part (e.g., consent) or any other individual notification.

Registration function 

As part of the registration process, users are informed of the mandatory information and, based on Article 6(1)(b) of the GDPR, this data is processed for the purpose of providing the user account. The processed data includes login information (such as name, password, and email address) provided during registration, which is used for the purpose of using the user account.

Users can receive email notifications regarding relevant information related to their user account, such as technical changes. If users terminate their user account, their data related to the account will be deleted, subject to any legal retention obligations. It is the users’ responsibility to secure their data before the contract ends upon termination. We are authorized to irreversibly delete all data stored during the contract period.

In the context of using our login features and the user account, we store the IP address and timestamp of each user action. This storage is based on our legitimate interests and the user’s protection against misuse and unauthorized use. Generally, this data is not shared with third parties unless necessary for pursuing our claims or if there is a legal obligation under Article 6(1)(c) of the GDPR. IP addresses are anonymized or deleted within 7 days.


When contacting us (e.g., via contact form, email, telephone, or social media), user information is processed for the purpose of handling and processing the contact request in accordance with Article 6(1)(b) (within contractual/pre-contractual relationships) and Article 6(1)(f) (other inquiries) of the GDPR. User details may be stored in a Customer Relationship Management System (CRM system) or a similar inquiry organization.

We delete requests if they are no longer necessary. We review the necessity every two years, and legal archiving obligations also apply.


With the following information, we inform you about the content of our newsletter, as well as the registration, dispatch, statistical evaluation procedures, and your right to object. By subscribing to our newsletter, you agree to receive it and the described processes.

Content of the newsletter: We send newsletters, emails, and other electronic notifications containing promotional information (referred to as ‘newsletter’) only with the consent of recipients or based on legal permission. If the content of the newsletter is specifically described during the registration process, it is relevant for obtaining user consent. Additionally, our newsletters include information about our services and us.

Double opt-in and logging: Newsletter registration follows a double opt-in process. After registering, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent unauthorized sign-ups using other email addresses. Newsletter registrations are logged to comply with legal requirements. This includes storing the registration and confirmation timestamps, as well as the IP address. Changes to data stored by the mailing service provider are also logged.

Registration data: To subscribe to the newsletter, simply provide your email address and name.

For newsletter distribution, we use Mailchimp by The Rocket Science Group, LLC, located at 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308, USA. This allows us to directly engage with subscribers. Additionally, we analyze user behavior to optimize our offerings.

We share the following personal data with Mailchimp:

Email address
First name
Last name

Our newsletters include a link that allows you to update your personal data. You can find this link at the bottom of every website in the footer.

Mailchimp acts as the recipient of your personal data and processes it as our data processor for the purpose of sending our newsletter. The processing of the data specified in this section is neither legally nor contractually required. Without your consent and the transmission of your personal data, we cannot send newsletters to you.

Additionally, Mailchimp collects the following personal data using cookies and other tracking methods: information about your device (IP address, device details, operating system, browser ID, information about the application you use to read your emails, and further details about hardware and internet connection). Furthermore, usage data is collected, such as the date and time when you opened the email/campaign and browser activities (e.g., which emails/websites were opened). Mailchimp requires this data to ensure the security and reliability of its systems, compliance with terms of use, and prevention of abuse. This corresponds to Mailchimp’s legitimate interest (pursuant to Art. 6(1)(f) of the GDPR) and serves the performance of the contract (pursuant to Art. 6(1)(b) of the GDPR). Additionally, Mailchimp analyzes performance data, including email delivery statistics and other communication data, to create usage and performance statistics for its services.

Mailchimp also collects information from other sources about you. In an unspecified period and scope, personal data is collected from social media and other third-party data providers. We have no influence over this process.

For more information on how to object to or delete data related to Mailchimp, please visit: Mailchimp Privacy for Contacts.

The legal basis for these processing activities is your consent in accordance with Art. 6(1)(a) of the GDPR. You can revoke your consent for the processing of your personal data at any time. Each communication contains a corresponding link for this purpose. Additionally, you can also revoke consent through the specified contact options. The revocation will not affect the lawfulness of the processing carried out prior to the withdrawal.

Your data will be processed as long as the relevant consent is in place. Apart from that, your data will be deleted after the termination of the contract between us and Mailchimp, unless legal requirements necessitate further storage.

Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Mailchimp processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: Mailchimp Privacy for Contacts.

The dispatch of the newsletter and the associated success measurement are based on the consent of the recipients according to Art. 6(1)(a), Art. 7 of the GDPR in conjunction with § 7(2) No. 3 of the German Unfair Competition Act (UWG), or, if consent is not required, based on our legitimate interests in direct marketing according to Art. 6(1)(f) of the GDPR in conjunction with § 7(3) of the UWG.

The logging of the registration process is based on our legitimate interests according to Art. 6(1)(f) of the GDPR. Our interest lies in using a user-friendly and secure newsletter system that serves both our business interests and meets user expectations, while also allowing us to provide evidence of consents.

Cancellation/Revocation – You can cancel the receipt of our newsletter at any time, i.e., revoke your consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them, in order to demonstrate a previously given consent. The processing of this data is limited to the purpose of potential legal defense. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed.

Online presence in social media

We maintain online presences within social networks and platforms to communicate with active customers, prospects, and users and to inform them about our services.

We would like to point out that user data may be processed outside the European Union in this context. As a result, risks may arise for users, as enforcement of user rights could be more difficult. Regarding US providers certified under the Privacy Shield, we emphasize that they commit to complying with EU privacy standards.

Furthermore, user data is typically processed for market research and advertising purposes. For example, usage behavior and resulting user interests can be used to create user profiles. These profiles can then be used to display advertisements both within and outside the platforms, which presumably align with users’ interests. For these purposes, cookies are usually stored on users’ computers, containing information about usage behavior and user interests. Additionally, data can be stored in user profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in).

The processing of users’ personal data is based on our legitimate interests in effective user information and communication, according to Art. 6(1)(f) of the GDPR. If users are asked for consent by the respective platform providers regarding the aforementioned data processing, the legal basis for processing is Art. 6(1)(a), Art. 7 of the GDPR.

For a detailed presentation of the respective processing activities and options for objection (opt-out), we refer to the linked information provided by the providers.

In the case of inquiries for information and the assertion of user rights, we emphasize that these are most effectively addressed directly with the providers. Only the providers have access to user data and can take appropriate measures and provide information. If you still need assistance, feel free to reach out to us.

Integration of third-party services and content

It refers to incorporating content or services from external providers into an online platform. These third-party offerings, such as videos or fonts, are embedded within the platform based on the operator’s legitimate interests. To achieve this, the IP addresses of users are typically processed by the content providers, as the IP address is necessary for delivering the content to their browsers. Efforts are made to use content from providers who only use IP addresses for content delivery. Additionally, third parties may utilize pixel tags (also known as “web beacons”) for statistical or marketing purposes, allowing them to analyze visitor traffic on the website. Pseudonymous information may also be stored in cookies on users’ devices, including technical details about browsers, operating systems, referring websites, visit times, and other usage-related data, which can be combined with information from other sources1.

Real Cookie Banner

To manage the cookies and similar technologies (tracking pixels, web beacons, etc.) and related consents, we use the consent tool ‘Real Cookie Banner.’ Details about the functionality of ‘Real Cookie Banner’ can be found at this link.

The legal bases for processing personal data in this context are Article 6(1)(c) of the GDPR (General Data Protection Regulation) and Article 6(1)(f) of the GDPR. Our legitimate interest lies in managing the deployed cookies and similar technologies and handling related consents.

Providing personal data is neither contractually required nor necessary for concluding a contract. You are not obligated to provide personal data. However, if you do not provide personal data, we cannot manage your consents.

Google Fonts

We integrate the fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: These fonts are directly embedded into our website, so there is no need for external downloads from third-party servers.

Google ReCaptcha

We integrate the function for bot detection, such as in online forms (‘reCAPTCHA’), from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:, Opt-Out:

Google Maps

We integrate the maps from the service “Google Maps,” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include IP addresses and location data of users, which are typically collected with their consent (usually through their mobile device settings). The data may be processed in the United States. For more details, you can refer to the privacy policy., Opt-Out:

Use of Facebook social plugins

We use social plugins (‘plugins’) from the social network based on our legitimate interests (i.e., interest in analyzing, optimizing, and economically operating our online offering within the meaning of Art. 6(1)(f) of the GDPR). These plugins are operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. They may include content such as images, videos, or text, along with buttons that allow users to share content from this online offering within Facebook. The list and appearance of Facebook social plugins can be viewed.

Facebook is certified under the Privacy Shield agreement, thereby guaranteeing compliance with European data protection law (

When a user accesses a feature of this online service that contains such a plugin, their device establishes a direct connection to Facebook’s servers. The content of the plugin is transmitted directly from Facebook to the user’s device and integrated into the online service. User profiles can be created from the processed data. We have no influence over the extent of data collected by Facebook through this plugin and inform users accordingly based on our knowledge.

By incorporating the plugins, Facebook receives information that a user has accessed the corresponding page of the online service. If the user is logged in to Facebook, Facebook can associate the visit with their Facebook account. When users interact with the plugins, such as clicking the Like button or leaving a comment, the relevant information is transmitted directly from their device to Facebook and stored there. Even if a user is not a Facebook member, Facebook may still obtain and store their IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of data collection, as well as the further processing and use of data by Facebook, along with the relevant rights and privacy settings for users’ protection, can be found in Facebook’s privacy policy.

If a user is a Facebook member and does not want Facebook to collect data about them through this online service and link it to their stored member data on Facebook, they must log out of Facebook before using our online service and delete their cookies. Further settings and objections related to the use of data for advertising purposes can be adjusted within the Facebook profile settings: Facebook Ad Preferences , or through the U.S. website or the EU website These settings apply across platforms, meaning they will be applied to all devices, including desktop computers and mobile devices.


Within our online offering, features and content from the service Instagram, provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated. This may include content such as images, videos, or text, as well as buttons that allow users to share content from this online offering within Instagram. If users are members of the Instagram platform, Instagram can associate the access to the aforementioned content and features with their profiles. Instagram’s privacy policy.

Google / YouTube

Within our online offering, features and content from the service YouTube, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, can be integrated. This may include content such as images, videos, or text, as well as buttons that allow users to share content from this online offering within YouTube. If users are members of the YouTube platform, YouTube can associate the access to the aforementioned content and features with their profiles. YouTube’s privacy policy., Opt-Out:, Privacy Shield:


For the multilingualism of our website, we use the Polylang program. Polylang is a product of WP SYNTEX, 28 rue Jean Sebastien Bach, 38090 Villefontaine, France. Polylang cookies are exclusively set to recognize and retain the language used or selected by the user. These cookies are stored for one year and are then deleted.

For more information on data protection compliance, please see here:

Use of the WP Statistics analysis tool

This website uses the WP Statistics analysis tool developed by the Verona Labs team for statistical evaluation of visitor traffic. The purpose of data collection and analysis is the continuous improvement of our website and its offerings.

WP Statistics allows for an overview of statistics about website visitors. For example, it can measure how many visitors accessed a specific page and what proportion of them used a smartphone.

The statistics provided by WP Statistics are based on data that is necessarily transmitted for the connection between web browsers and web servers (see log data). WP Statistics does not require the use of cookies.

When using WP Statistics, the protection of your privacy and personal data is paramount. WP Statistics does not collect any additional visitor data. Instead, WP Statistics anonymizes IP addresses of visitors before storage. Personal identification of a visitor is therefore not possible, even retrospectively.

Ultimate Member

Access to the protected area, which is only made available to registered persons (traders/press), is implemented using “Ultimate Member”, 272 Bath Street, Glasgow, G2 4JR, Scotland. Details on the data protection of Ultimate Member can be found at:

The use of the “Ultimate Member” plugin is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in efficient user management and authentication on our website.